RHSA-2026:13938

Vulnerability from csaf_redhat - Published: 2026-05-06 08:55 - Updated: 2026-05-27 21:42
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Important
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs:

httpd:
  * httpd-2.4.67-0.1.hum1 (aarch64, x86_64)
  * httpd-core-2.4.67-0.1.hum1 (aarch64, x86_64)
  * httpd-devel-2.4.67-0.1.hum1 (aarch64, x86_64)
  * httpd-filesystem-2.4.67-0.1.hum1 (noarch)
  * httpd-manual-2.4.67-0.1.hum1 (noarch)
  * httpd-tools-2.4.67-0.1.hum1 (aarch64, x86_64)
  * mod_ldap-2.4.67-0.1.hum1 (aarch64, x86_64)
  * mod_lua-2.4.67-0.1.hum1 (aarch64, x86_64)
  * mod_proxy_html-2.4.67-0.1.hum1 (aarch64, x86_64)
  * mod_session-2.4.67-0.1.hum1 (aarch64, x86_64)
  * mod_ssl-2.4.67-0.1.hum1 (aarch64, x86_64)
  * httpd-2.4.67-0.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-23918: Apache HTTP Server: Remote Code Execution via Double Free in HTTP/2 Protocol

A flaw was found in Apache HTTP Server. This vulnerability, a double free in the HTTP/2 protocol implementation (mod_http2), could allow a remote attacker to execute arbitrary code. Successful exploitation could lead to a complete compromise of the affected system. Red Hat's statement in the CSAF document below rates it Important rather than Moderate because the double free is in the HTTP/2 request handling path, is triggered by an early stream reset, and is reachable from untrusted network input; the statement also says the flaw is specific to Apache HTTP Server 2.4.66 (the fixed packages in this advisory are 2.4.67-0.1.hum1). One caveat for triage: the statement describes the trigger as pre-authentication, while the CVSS vector records PR:L.

CWE-1341 - Multiple Releases of Same Resource or Handle
CVSS v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected products
Product: Red Hat Hardened Images (cpe:/a:redhat:hummingbird:1)
Status: fixed, in the 2.4.67-0.1.hum1 packages listed under Details
  Red Hat Hardened Images:httpd-main@aarch64
  Red Hat Hardened Images:httpd-main@noarch
  Red Hat Hardened Images:httpd-main@src
  Red Hat Hardened Images:httpd-main@x86_64
Remediation: Vendor Fix (this advisory; see https://images.redhat.com/ for how to apply it). Workaround: disable mod_http2 by removing or commenting out the LoadModule http2_module line (for example in /etc/httpd/conf.modules.d/00-base.conf) and restarting httpd, at the cost of HTTP/2 service.
Threats
Impact Important

CVE-2026-24072: Apache HTTP Server: mod_rewrite: Privilege Escalation via .htaccess file manipulation

A flaw was found in Apache HTTP Server (mod_rewrite). This privilege escalation vulnerability allows local attackers, specifically those able to author .htaccess files, to read sensitive files. The flaw enables unauthorized access to files with the privileges of the httpd user, potentially leading to information disclosure. The attack vector is local: the attacker already has a foothold that lets them write .htaccess content into a directory httpd serves, and uses it to read what the httpd user can read.

CWE-73 - External Control of File Name or Path
CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected products
Product: Red Hat Hardened Images (cpe:/a:redhat:hummingbird:1)
Status: fixed, in the 2.4.67-0.1.hum1 packages listed under Details
  Red Hat Hardened Images:httpd-main@aarch64
  Red Hat Hardened Images:httpd-main@noarch
  Red Hat Hardened Images:httpd-main@src
  Red Hat Hardened Images:httpd-main@x86_64
Remediation: Vendor Fix (this advisory). Workaround: set AllowOverride None in the main server configuration or the relevant <Directory> blocks so .htaccess files are not honored, then reload or restart httpd.
Threats
Impact Moderate

CVE-2026-33007: httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration. Red Hat's statement notes that the parent process stays up, so the impact is a crashed worker rather than a full outage, which is why it is rated Moderate; only configurations that load and use mod_authn_socache are affected.

CWE-476 - NULL Pointer Dereference
CVSS v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected products
Product: Red Hat Hardened Images (cpe:/a:redhat:hummingbird:1)
Status: fixed, in the 2.4.67-0.1.hum1 packages listed under Details
  Red Hat Hardened Images:httpd-main@aarch64
  Red Hat Hardened Images:httpd-main@noarch
  Red Hat Hardened Images:httpd-main@src
  Red Hat Hardened Images:httpd-main@x86_64
Remediation: Vendor Fix (this advisory). Workaround: disable mod_authn_socache and restart httpd.
Threats
Impact Moderate

CVE-2026-34032

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to check whether a string is null-terminated before reading it, so an attacker or a malformed message can cause a heap-based buffer over-read. This can lead to memory disclosure and a denial of service. Exposure requires mod_proxy_ajp to be loaded with an ajp:// backend configured; the AJP messages being parsed come from the backend side of the proxy.

CWE-170 - Improper Null Termination
Affected products
Product: Red Hat Hardened Images (cpe:/a:redhat:hummingbird:1)
Status: fixed, in the 2.4.67-0.1.hum1 packages listed under Details
  Red Hat Hardened Images:httpd-main@aarch64
  Red Hat Hardened Images:httpd-main@noarch
  Red Hat Hardened Images:httpd-main@src
  Red Hat Hardened Images:httpd-main@x86_64
Remediation: Vendor Fix (this advisory); Workaround
Threats
Impact Moderate

CVE-2026-34059

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function reads beyond the allocated buffer, so an attacker or a malformed message can cause a heap-based buffer over-read. This can lead to memory disclosure and a denial of service. As with the other mod_proxy_ajp flaw in this advisory, it is only reachable when mod_proxy_ajp is loaded and an ajp:// backend is configured.

CWE-126 - Buffer Over-read
Affected products
Product: Red Hat Hardened Images (cpe:/a:redhat:hummingbird:1)
Status: fixed, in the 2.4.67-0.1.hum1 packages listed under Details
  Red Hat Hardened Images:httpd-main@aarch64
  Red Hat Hardened Images:httpd-main@noarch
  Red Hat Hardened Images:httpd-main@src
  Red Hat Hardened Images:httpd-main@x86_64
Remediation: Vendor Fix (this advisory); Workaround
Threats
Impact Moderate
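The advisory's three workarounds (disabling mod_http2 for CVE-2026-23918, AllowOverride None for CVE-2026-24072, disabling mod_authn_socache for CVE-2026-33007) can be audited against an httpd configuration before the rebuilt image is rolled out. The following Python is an added example written for this page, not Red Hat's or the Apache project's code. The configuration it scans is constructed inline; Include directives are not followed, and blocks that set no AllowOverride are not reported (httpd 2.4's compiled-in default is None, but a block may inherit a parent's setting), so feed it the concatenated, resolved configuration.

```python
import re

# Constructed sample configuration (not taken from any real image): modelled on
# /etc/httpd/conf.modules.d/00-base.conf plus two <Directory> blocks.
SAMPLE_CONF = """\
# Base modules
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_socache_module modules/mod_authn_socache.so
#LoadModule http2_module modules/mod_http2.so
LoadModule rewrite_module modules/mod_rewrite.so

<Directory "/var/www/html">
    AllowOverride All
    Require all granted
</Directory>

<Directory "/srv/static">
    AllowOverride None
</Directory>
"""

LOADMODULE = re.compile(r'^LoadModule\s+(\S+)\s+\S+', re.I)
OPEN_DIR = re.compile(r'^<(?:Directory|DirectoryMatch)\s+"?([^">]+?)"?\s*>', re.I)
CLOSE_DIR = re.compile(r'^</(?:Directory|DirectoryMatch)\s*>', re.I)
ALLOWOVERRIDE = re.compile(r'^AllowOverride\s+(.+?)\s*$', re.I)

# Module name (as written in LoadModule) -> CVE whose workaround is to unload it.
MODULE_WORKAROUNDS = {
    'http2_module': 'CVE-2026-23918',
    'authn_socache_module': 'CVE-2026-33007',
}


def audit_httpd_conf(text):
    """Scan httpd configuration text for the advisory's workaround state.

    Returns the set of loaded module names, the AllowOverride value for every
    <Directory>/<DirectoryMatch> block that sets one, and a list of findings.
    Comment lines (leading '#') are skipped, so a commented-out LoadModule
    counts as not loaded. Include/IncludeOptional are not followed.
    """
    loaded = set()
    overrides = {}
    stack = []  # enclosing <Directory> paths, innermost last
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if m := LOADMODULE.match(line):
            loaded.add(m.group(1))
        elif m := OPEN_DIR.match(line):
            stack.append(m.group(1))
        elif CLOSE_DIR.match(line):
            if stack:
                stack.pop()
        elif (m := ALLOWOVERRIDE.match(line)) and stack:
            overrides[stack[-1]] = m.group(1).split()

    findings = []
    for module, cve in MODULE_WORKAROUNDS.items():
        if module in loaded:
            findings.append(f'{module} is loaded: {cve} workaround not applied')
    for path, values in overrides.items():
        # Any override other than None lets a .htaccess author influence the
        # per-directory configuration, which is what CVE-2026-24072 needs.
        if [v.lower() for v in values] != ['none']:
            findings.append(f'{path}: AllowOverride {" ".join(values)} honors '
                            f'.htaccess: CVE-2026-24072 workaround not applied')
    return {'loaded_modules': loaded, 'allow_override': overrides,
            'findings': findings}


if __name__ == '__main__':
    for finding in audit_httpd_conf(SAMPLE_CONF)['findings']:
        print(finding)
```

On a live host, `httpd -M` lists the modules actually loaded after all Include directives are resolved and is the authoritative source for the module half of this check; the static scan is for catching the problem in the image build or configuration repository, before the container starts.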
References
URL Category
https://access.redhat.com/errata/RHSA-2026:13938 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-23918 external
https://access.redhat.com/security/cve/CVE-2026-24072 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-34032 external
https://access.redhat.com/security/cve/CVE-2026-33007 external
https://access.redhat.com/security/cve/CVE-2026-34059 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-23918 self
https://bugzilla.redhat.com/show_bug.cgi?id=2465304 external
https://www.cve.org/CVERecord?id=CVE-2026-23918 external
https://nvd.nist.gov/vuln/detail/CVE-2026-23918 external
https://httpd.apache.org/security/vulnerabilities… external
https://access.redhat.com/security/cve/CVE-2026-24072 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464941 external
https://www.cve.org/CVERecord?id=CVE-2026-24072 external
https://nvd.nist.gov/vuln/detail/CVE-2026-24072 external
https://access.redhat.com/security/cve/CVE-2026-33007 self
https://bugzilla.redhat.com/show_bug.cgi?id=2465299 external
https://www.cve.org/CVERecord?id=CVE-2026-33007 external
https://nvd.nist.gov/vuln/detail/CVE-2026-33007 external
https://access.redhat.com/security/cve/CVE-2026-34032 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464952 external
https://www.cve.org/CVERecord?id=CVE-2026-34032 external
https://nvd.nist.gov/vuln/detail/CVE-2026-34032 external
https://access.redhat.com/security/cve/CVE-2026-34059 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464940 external
https://www.cve.org/CVERecord?id=CVE-2026-34059 external
https://nvd.nist.gov/vuln/detail/CVE-2026-34059 external
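The CSAF 2.0 JSON reproduced below is the form tooling should consume: the per-architecture product_version leaves carry a purl with the fixed version, the default_component_of relationships build the "Red Hat Hardened Images:httpd-main@x86_64" identifiers that each vulnerability's product_status.fixed list refers to, and the scores and threats blocks carry the CVSS vector and Red Hat's impact rating. The Python below is an added example written for this page, not Red Hat's tooling. It embeds a constructed, abbreviated copy of this advisory's structure, and its rpmvercmp is a simplified reimplementation of librpm's ordering (no '~' or '^' handling), so that comparison is an assumption to replace with rpm's own in production.

```python
import json
import re
from urllib.parse import parse_qs, unquote

# Constructed, abbreviated CSAF 2.0 document modelled on RHSA-2026:13938 (one
# architecture, two of the five CVEs), keeping the real advisory's shape: a
# product_version leaf with a purl, and a relationship that builds the full id.
CSAF_SAMPLE = json.dumps({
    "product_tree": {
        "branches": [{"category": "vendor", "name": "Red Hat", "branches": [
            {"category": "architecture", "name": "x86_64", "branches": [
                {"category": "product_version", "name": "httpd-main@x86_64",
                 "product": {"product_id": "httpd-main@x86_64", "product_identification_helper": {
                     "purl": "pkg:rpm/redhat/httpd@2.4.67-0.1.hum1?arch=x86_64&distro=hummingbird-20251124"}}}]}]}],
        "relationships": [{"category": "default_component_of",
                           "full_product_name": {"product_id": "Red Hat Hardened Images:httpd-main@x86_64"},
                           "product_reference": "httpd-main@x86_64",
                           "relates_to_product_reference": "Red Hat Hardened Images"}]},
    "vulnerabilities": [
        {"cve": "CVE-2026-23918", "product_status": {"fixed": ["Red Hat Hardened Images:httpd-main@x86_64"]},
         "scores": [{"cvss_v3": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],
         "threats": [{"category": "impact", "details": "Important"}]},
        {"cve": "CVE-2026-33007", "product_status": {"fixed": ["Red Hat Hardened Images:httpd-main@x86_64"]},
         "scores": [{"cvss_v3": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}],
         "threats": [{"category": "impact", "details": "Moderate"}]}]})


def rpmvercmp(a, b):
    """Order RPM version/release strings like librpm's rpmvercmp: digit runs
    compare numerically, letter runs lexically, separators are skipped, a
    numeric segment outranks an alphabetic one, and more segments win a tie.
    Assumption/simplification: '~' and '^' markers are not special-cased."""
    sa, sb = (re.findall(r'\d+|[A-Za-z]+', s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; epoch dominates."""
    return (a[0] > b[0]) - (a[0] < b[0]) or rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def split_nevra(nevra):
    """'httpd-2.4.66-3.hum1.x86_64' -> ('httpd', (0, '2.4.66', '3.hum1'), 'x86_64')."""
    rest, _, arch = nevra.rpartition('.')
    name, version, release = rest.rsplit('-', 2)
    epoch, _, version = version.rpartition(':')
    return name, (int(epoch or 0), version, release), arch

def parse_rpm_purl(purl):
    """'pkg:rpm/redhat/httpd@2.4.67-0.1.hum1?arch=x86_64' ->
    ('httpd', (0, '2.4.67', '0.1.hum1'), 'x86_64'); epoch from the 'epoch' qualifier."""
    body, _, query = purl.partition('?')
    path, _, version = body.rpartition('@')
    q = parse_qs(query)
    ver, _, rel = unquote(version).partition('-')
    return path.rsplit('/', 1)[-1], (int(q.get('epoch', ['0'])[0]), ver, rel), q.get('arch', [None])[0]

def component_purls(tree):
    """product_id -> purl for every product leaf under product_tree.branches."""
    out = {}
    def walk(branches):
        for b in branches:
            product = b.get('product', {})
            purl = product.get('product_identification_helper', {}).get('purl')
            if purl:
                out[product['product_id']] = purl
            walk(b.get('branches', []))
    walk(tree.get('branches', []))
    return out

def assess(csaf_text, installed_nevra):
    """For each CVE the advisory marks fixed in a product whose purl matches the
    installed package name and arch: impact, CVSS vector, fixed version, and
    whether the installed EVR is at or above the fixed one."""
    doc = json.loads(csaf_text)
    tree = doc['product_tree']
    purls = component_purls(tree)
    # full product_id ("Product:component") -> component product_id that carries the purl
    rel = {r['full_product_name']['product_id']: r['product_reference']
           for r in tree.get('relationships', [])}
    name, evr, arch = split_nevra(installed_nevra)
    report = {}
    for vuln in doc.get('vulnerabilities', []):
        for pid in vuln.get('product_status', {}).get('fixed', []):
            purl = purls.get(rel.get(pid, pid))
            if purl is None:
                continue
            pname, fixed_evr, parch = parse_rpm_purl(purl)
            if (pname, parch) != (name, arch):
                continue
            cvss = (vuln.get('scores') or [{}])[0].get('cvss_v3', {})
            impact = next((t['details'] for t in vuln.get('threats', [])
                           if t.get('category') == 'impact'), None)
            report[vuln['cve']] = {'impact': impact, 'cvss': cvss.get('vectorString'),
                                   'fixed_in': '-'.join(fixed_evr[1:]),
                                   'patched': evr_cmp(evr, fixed_evr) >= 0}
    return report

if __name__ == '__main__':
    for cve, info in assess(CSAF_SAMPLE, 'httpd-2.4.66-3.hum1.x86_64').items():
        print(cve, info)
```

Two points this makes concrete. First, product_status never names the purl-bearing leaf directly: it uses the relationship-built "Product:component" id, so a consumer that skips the relationships table matches nothing. Second, matching is by package name and arch from the purl, so the noarch entry (whose purl is httpd-filesystem) is not claimed when you check the httpd binary package. In production, replace rpmvercmp with rpm.labelCompare from the python3-rpm bindings or with rpmdev-vercmp.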

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nhttpd:\n  * httpd-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * httpd-core-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * httpd-devel-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * httpd-filesystem-2.4.67-0.1.hum1 (noarch)\n  * httpd-manual-2.4.67-0.1.hum1 (noarch)\n  * httpd-tools-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * mod_ldap-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * mod_lua-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * mod_proxy_html-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * mod_session-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * mod_ssl-2.4.67-0.1.hum1 (aarch64, x86_64)\n  * httpd-2.4.67-0.1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:13938",
        "url": "https://access.redhat.com/errata/RHSA-2026:13938"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-23918",
        "url": "https://access.redhat.com/security/cve/CVE-2026-23918"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-24072",
        "url": "https://access.redhat.com/security/cve/CVE-2026-24072"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34032",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34032"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33007",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-34059",
        "url": "https://access.redhat.com/security/cve/CVE-2026-34059"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13938.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-27T21:42:55+00:00",
      "generator": {
        "date": "2026-05-27T21:42:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:13938",
      "initial_release_date": "2026-05-06T08:55:25+00:00",
      "revision_history": [
        {
          "date": "2026-05-06T08:55:25+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-20T19:06:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-27T21:42:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@aarch64",
                "product": {
                  "name": "httpd-main@aarch64",
                  "product_id": "httpd-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@src",
                "product": {
                  "name": "httpd-main@src",
                  "product_id": "httpd-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@x86_64",
                "product": {
                  "name": "httpd-main@x86_64",
                  "product_id": "httpd-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@noarch",
                "product": {
                  "name": "httpd-main@noarch",
                  "product_id": "httpd-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-filesystem@2.4.67-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@aarch64"
        },
        "product_reference": "httpd-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@noarch"
        },
        "product_reference": "httpd-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@src"
        },
        "product_reference": "httpd-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@x86_64"
        },
        "product_reference": "httpd-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-23918",
      "cwe": {
        "id": "CWE-1341",
        "name": "Multiple Releases of Same Resource or Handle"
      },
      "discovery_date": "2026-05-04T15:01:41.066212+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465304"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache HTTP Server. This vulnerability, related to a double free error within the HTTP/2 protocol implementation, could potentially allow a remote attacker to execute arbitrary code. Successful exploitation could lead to a complete compromise of the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache HTTP Server: Apache HTTP Server: Remote Code Execution via Double Free in HTTP/2 Protocol",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is marked as Important rather than Moderate because it involves a memory safety violation (double free) in the HTTP/2 request handling path, which is directly exposed to untrusted network input. A double free condition can corrupt the heap allocator\u2019s internal metadata, enabling attackers to manipulate memory layout and potentially achieve arbitrary code execution (RCE) under favorable conditions. In this case, the flaw is triggered during an early stream reset in HTTP/2, meaning it can be exercised pre-authentication by a remote client without requiring complex application-level interaction. Given that Apache HTTP Server is widely deployed in internet-facing environments, even a low-probability RCE path significantly elevates risk.\n\nAdditionally, the vulnerability exists in a core protocol module rather than an optional edge feature, increasing the likelihood of exposure. It is also important to note that this vulnerability specifically affects Apache HTTP Server version 2.4.66 only, and our mod_http2 packages are not affected as they are built against non-vulnerable httpd versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-23918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465304",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465304"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-23918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23918"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:44:28.513000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T08:55:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13938"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, disable the `mod_http2` module in your Apache HTTP Server configuration. This can be achieved by commenting out or removing the `LoadModule http2_module modules/mod_http2.so` line in the Apache configuration file (e.g., `/etc/httpd/conf.modules.d/00-base.conf` or a similar configuration file). After modifying the configuration, restart the httpd service for the changes to take effect. This action will impact services relying on HTTP/2 functionality.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Apache HTTP Server: Apache HTTP Server: Remote Code Execution via Double Free in HTTP/2 Protocol"
    },
    {
      "cve": "CVE-2026-24072",
      "cwe": {
        "id": "CWE-73",
        "name": "External Control of File Name or Path"
      },
      "discovery_date": "2026-05-04T13:01:13.896013+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464941"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache HTTP Server. This escalation of privilege vulnerability allows local attackers, specifically those with the ability to author .htaccess files, to read sensitive files. This flaw enables unauthorized access to files with the privileges of the httpd user, potentially leading to information disclosure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache HTTP Server: mod_rewrite: Apache HTTP Server: Privilege Escalation via .htaccess file manipulation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24072"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464941",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464941"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24072",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24072"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24072",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24072"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T12:37:57.673000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T08:55:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13938"
        },
        {
          "category": "workaround",
          "details": "To prevent local users from exploiting this flaw via .htaccess file manipulation, configure Apache HTTP Server to disable .htaccess overrides. Set `AllowOverride None` within the main server configuration or relevant `\u003cDirectory\u003e` blocks. This restricts the ability of local users to alter server settings. After applying this change, the `httpd` service must be reloaded or restarted for the new configuration to take effect.\n\nExample configuration:\n```\n\u003cDirectory \"/var/www/html\"\u003e\n    AllowOverride None\n\u003c/Directory\u003e\n```\nTo apply changes, reload the service:\n`sudo systemctl reload httpd`\nOr restart the service:\n`sudo systemctl restart httpd`",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Apache HTTP Server: mod_rewrite: Apache HTTP Server: Privilege Escalation via .htaccess file manipulation"
    },
    {
      "cve": "CVE-2026-33007",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2026-05-04T15:01:24.989510+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue allows an unauthenticated remote attacker to cause a crash in a child process. However, the main parent process remains active and functional. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_authn_socache loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:41:27.520000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T08:55:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13938"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_authn_socache and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash"
    },
    {
      "cve": "CVE-2026-34032",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "discovery_date": "2026-05-04T14:01:07.000400+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464952"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464952",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T12:54:54.383000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T08:55:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13938"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check"
    },
    {
      "cve": "CVE-2026-34059",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "discovery_date": "2026-05-04T13:01:08.557596+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464940"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464940",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T12:39:42.273000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T08:55:25+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13938"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()"
    }
  ]
}
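The two mod_proxy_ajp entries above (CVE-2026-34032, a string read without verifying its terminator; CVE-2026-34059, ajp_parse_data reading past the allocated buffer) describe the same bug class: trusting length fields sent by the AJP backend. The following is an added example written for this page, not httpd's mod_proxy_ajp code nor anything from the advisory. It shows a bounds-checked decoder for the two AJP13 encodings involved: a string is a 2-byte big-endian length, the bytes, then a terminating NUL that the length does not count (0xFFFF means "no string"), and a body chunk is a 2-byte length followed by that many bytes. Function names and sample buffers are constructed here and are not captured traffic.

```c
/*
 * Bounds-checked AJP string and body-chunk decoding (example code for this
 * page; not httpd's mod_proxy_ajp). The two checks that matter when the
 * sender is an untrusted backend: the declared length must fit the bytes
 * actually received, and the NUL must really be present before the pointer
 * is handed to anything that treats the bytes as a C string.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Decode the string at buf[pos]. Returns bytes consumed (2 + len + 1, or 2
 * for the 0xFFFF "null string"), or 0 if the encoding does not fit buf_len. */
size_t ajp_get_string_checked(const uint8_t *buf, size_t buf_len, size_t pos,
                              const uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (pos > buf_len || buf_len - pos < 2)
        return 0;                         /* no room for the length field */
    uint16_t len = be16(buf + pos);
    if (len == 0xFFFF)
        return 2;                         /* AJP "null string" */
    size_t need = (size_t)len + 1;        /* payload plus terminating NUL */
    if (buf_len - pos - 2 < need)
        return 0;                         /* declared length runs past the buffer */
    if (buf[pos + 2 + len] != 0)
        return 0;                         /* terminator missing: not a C string */
    *out = buf + pos + 2;
    *out_len = len;
    return 2 + need;
}

/* Decode a body chunk at buf[pos]. Returns bytes consumed (2 + len) or 0 if
 * the declared length exceeds what was actually received. */
size_t ajp_get_chunk_checked(const uint8_t *buf, size_t buf_len, size_t pos,
                             const uint8_t **data, size_t *data_len)
{
    *data = NULL;
    *data_len = 0;
    if (pos > buf_len || buf_len - pos < 2)
        return 0;
    uint16_t len = be16(buf + pos);
    if (buf_len - pos - 2 < len)
        return 0;                         /* would read beyond the buffer */
    *data = buf + pos + 2;
    *data_len = len;
    return 2 + (size_t)len;
}

/* Walk a buffer that should hold only consecutive strings. Returns the number
 * of well-formed strings, or -1 at the first malformed one. */
int count_ajp_strings(const uint8_t *buf, size_t buf_len)
{
    size_t pos = 0;
    int n = 0;
    while (pos < buf_len) {
        const uint8_t *s;
        size_t slen;
        size_t used = ajp_get_string_checked(buf, buf_len, pos, &s, &slen);
        if (used == 0)
            return -1;
        pos += used;
        n++;
    }
    return n;
}

/* Bytes consumed by the chunk at offset 0 (0 = rejected). */
size_t chunk_bytes_consumed(const uint8_t *buf, size_t buf_len)
{
    const uint8_t *d;
    size_t dl;
    return ajp_get_chunk_checked(buf, buf_len, 0, &d, &dl);
}

/* Constructed samples, not captured traffic. */
static const uint8_t SAMPLE_OK[]        = { 0x00,0x03,'f','o','o',0x00, 0xFF,0xFF, 0x00,0x01,'x',0x00 };
static const uint8_t SAMPLE_OVERSIZE[]  = { 0x7F,0xFF,'a' };             /* claims 32767 bytes, has 1 */
static const uint8_t SAMPLE_NO_NUL[]    = { 0x00,0x03,'f','o','o','x' };  /* length fits, NUL missing */
static const uint8_t SAMPLE_CHUNK_OK[]  = { 0x00,0x04,'0','1','2','3' };  /* claims 4 bytes, has 4 */
static const uint8_t SAMPLE_CHUNK_BAD[] = { 0x00,0x10,'0','1','2','3' };  /* claims 16 bytes, has 4 */

int main(void)
{
    printf("well-formed strings: %d\n", count_ajp_strings(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversize length:     %d\n", count_ajp_strings(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE));
    printf("missing NUL:         %d\n", count_ajp_strings(SAMPLE_NO_NUL, sizeof SAMPLE_NO_NUL));
    printf("good chunk consumed: %zu\n", chunk_bytes_consumed(SAMPLE_CHUNK_OK, sizeof SAMPLE_CHUNK_OK));
    printf("bad chunk consumed:  %zu\n", chunk_bytes_consumed(SAMPLE_CHUNK_BAD, sizeof SAMPLE_CHUNK_BAD));
    return 0;
}
```

The length check and the terminator check are deliberately separate: a length that fits the buffer is still unsafe if the byte after the payload is not NUL, because downstream code that calls strlen or copies with string functions will run past it. Rejecting the whole message (return 0) rather than clamping is the right response from a proxy, since a backend that sends malformed framing is either broken or hostile and the connection should be dropped.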